Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

On March 27th, 2010 mikeperry said:

I want to point out that this is the first bundle we are shipping with NoScript and BetterPrivacy. We've decided to attempt this as a trial in Linux TBB for a few reasons. After the remote font exploit of Firefox 3.6 and the apparent ~2 month delay between exploit code and fix, we've come to the conclusion that we need to do a bit more to protect our users against Firefox 0day being held by the underground and aboveground exploit markets. See:

We also want to provide at least some way for people to view YouTube videos and other flash content without completely sacrificing their privacy and anonymity while viewing all websites. Our plan is to make it so that people who insist on viewing flash content can simply uncheck "Disable plugins for Tor usage", and only be at risk when they actually decide to load a plugin (possibly GnashPlayer) by clicking on its NoScript Placeholder. Basically, we would like to replace this long FAQ entry with a much simpler one that still has an appropriate warning: https://www.torproject.org/torbutton/faq.html.en#noflash

In addition, we've decided to try to deploy a list of popular sites that have insecure https functionality that can be secured by NoScript. Right now, we are attempting to secure *twitter.com *facebook.com blog.torproject.org www.torproject.org docs.google.com addons.mozilla.org www.stumbleupon.com. We are open to any suggestions for additions to this list, and what we might do about any problems that arise.

The Noscript config shipped with the bundle has the following additional general properties:

1. It disables the redirect to noscript.net on updates.
2. It simplifies the context menu down to just enable/disable javascript
3. It sets Javascript to be enabled by default.
4. It replaces most common media types and plugins with placeholders

We're open to any suggestions or comments about this approach. I am also discussing usability issues with Giorgio to try to help make NoScript a bit easier to use in general.

On March 27th, 2010 Anonymous said:

Where is the TorProject going?!!!!!!!!!!!!!!!!! At first it was the Google Summers of Code (Google is the #1 evil multinational company i'm aware of; long before Microsoft!!!). And now, NoScript inside a TOR Browser Bundle!!!!!!!!! The last time i said something about NoScript was here: http://forums.lanik.us/viewtopic.php?f=86&t=5809#p23619 !!!!!!!! ~bee!!!!!!!!!!!!!!!

On March 27th, 2010 Anonymous said:

I don't see how adding some extensions to a beta tor browser bundle makes them tied to google at all. I'm guessing tor people have analyzed noscript and better privacy to make sure they are secure enough and not snooping on users.

On April 2nd, 2010 Anonymous said:

...hard to follow your logic...too many holes..

On March 27th, 2010 Anonymous said:

Would also the RequestPolicy maybe be an idea to add to the bundle?

On March 27th, 2010 phobos said:

Personally, I think request policy is the only extension a tor users needs, however mikeperry brings up valid points.

Typical users are baffled by request policy as they don't understand how the webpages they view are actually setup. When 90% of the web stops working for them as they expect it, they'll just disable it and get no protection.

On March 27th, 2010 mikeperry said:

Yeah, in addition to usability, I also feel that Request Policy makes more sense when you have more trust in your network connection and/or perhaps just want to dodge some ads, tracking scripts, and web noise. Personally, I use Request Policy as more of an advisory role, so that I can become more aware of what different pages tend to be sourcing. I rely on NoScript and Adblock to filter out the noise and the malware.

For our bundles, I prefer NoScript because I believe NoScript is addressing the root problem here: it gives you the ability to disable/augment individual components of the browser prone to exploitation. A malicious Tor exit node can feed you malware from any domain, and websites can also serve you syndicated (read: malware spiked) ads, plugin content, and tracking scripts from their own domain origin.

As I said, I've been discussing usability with Giorgio, and he claims that adding "Novice" and "Intermediate" modes to NoScript is on his TODO list. I am really hopeful about an "Intermediate" mode, where users can say that for example they want to allow scripts from "Twitter.com" and "facebook.com" and ban them everywhere else. These filters would then apply based on the domain in the url bar, not the domain of the sourced content. I think this would actually be usable by most people, as it fits more in line with their mental model of the web (and would also protect them in cases where for example facebook's tracking scripts appear everywhere due to advertising partnerships).

On March 27th, 2010 Anonymous said:

Well; i want to compare this Tor Browser Bundle for GNU/Linux (the official belonging to the TOR Project), with my one (Factorbee)!!!!!!!!!!!!
This TorBB of the torproject hasn't been well-made!!!! It actually sucks!!!!! Six months for this crap lol!!!!!!!!!! It's the same "Tor Browser Bundle for Windows" made for Linux, without anything of new, no improvements... it's just a (bad)copy!!!!!! yes, there is something of new: NoScript and BetterPrivacy!!!!!!! The first addon is almost garbage, and the last one is useless if you really want to have any privacy online!!!!!!!!!!!!! I made Factorbee with in my mind an absolute protection for who's using it!!!!!!!!!! I made a script to run FactorBee from EncFS (encrypted filesystem) or from a TmpFS (temporary filesystem in RAM/swap), supporting RAM disks and multiple firefox profiles, etc.... I made something of original!!!!!!! I built firefox without the support for plugins, it's disabled at compiling-time!!!!!! This is the reason why i don't need BetterPrivacy!!!!!!! Cookies are disabled, but you can enable them!!! Javascripts are disabled, but you can as well enable them with one click on the QuickJava addon, you don't need a bloatware like NoScript!!!!!!! I know that my Factorbee doesn't support neither JAVA nor Flash (nor anything that runs as a plug-in), but this is a feature!!!!!!!!!!!! Why does anyone cares of JAVA?!!!! Or Flash?!!!! Ok, you can use Flash to watch videos on Youtube, but you can just download them before and watch them later, you don't need Flash (it's a dangerous, anti-privacy, closed-source, proprietary technology, belonging to a multinational company... there is no reason to support it!!!!!!!!). But, if you need a fast connection, to read and upload texts anonymously; why would you need flash at all?!!!!!!!! With FactorBee you can also disable/enable the loading of images with one click: i'm much more thinking about an application to be fast and working, not filled up with useless technologies!!!!!!! The official TBB doesn't support external shell-scripts, for example you can't download files without opening Firefox, i added cURL-based scripts (and cURL is embedded into my package) to allow people to download files with a more stable application rather than FF (cURL used from the script i made, also supports the resuming of failed downloads automatically!!!!!!!!).... Well, there is much more, but you can just look for it at the website of FactorBee: http://honeybeenet.altervista.org/factorbee/ (i cant rewrite everything here!!!!!!!!!!!). I'm only thinking that if i took one month to make FactorBee, and the TorProject took six months to make an average/boring TBB, then i'm much better!!!!!!!!!!!!!!!!!!!!!!! or perhaps the tor project is going downhill!!!!(i'm hoping no though!!!!!) ~bee!!!!!!!!!!!!

On April 4th, 2010 Anonymous said:

Are you unable to use less than 100 exclamation marks per post? Who would even spend the time to read this inane banter?

On April 6th, 2010 Anonymous said:

Hi!!!!!!!!!!!!!! Well, if you don't want to look at the exclamation marks, just don't look at them!!!!!!!!!!!!!!!!!!!!! bye!!!!!!! ~bee!!!!!!!!!!!!!!

On March 27th, 2010 Anonymous said:

Six months and it's not even working!!!!!! If you close VIDALIA, FireFox is still running!!!!!!!!! I expected it be closed too!!!!!(take a look at the source code of Factorbee and copy from it...lol!!!!!!!!!!!!) ~bee!!!!!!!!!!!

On March 27th, 2010 Anonymous said:

I trust the tor project to do the research and the right thing over time. Trusting some fucking nutball with an exclamation point problem is not going to happen, source available or not.

On March 27th, 2010 Anonymous said:

"source available or not". A dumb way to trash a whole post.

On March 27th, 2010 Anonymous said:

So, let me wonder about this!!!!!!!! somebody who (i'd to image) never did anything of good for the others (he's you, lol!!!) -- using all, but no one real and good reason to support his point of view -- likes more the TBB for GNU/Linux made by the TorProject instead of mine?!!!!!!!!!!!!!?!!!! Well, i don't care!!!!!!! Why should i care!?!!!!!!!! I don't care!!!!! With the reasons you provided, i just dont care!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! And, in the end, your "source available or not"remark is the final nonsense that makes me image you like «the ideal user for Windows»!!!!!!!!!!!!!!!!!!!! ~bee!!!!!!!!!

On March 27th, 2010 Anonymous said:

The factorbee scripts are pretty interesting. You should check them out. Beware though, the source tarball unpacks directly into the current directory instead of a subdir. Not ideal.

On March 28th, 2010 phobos said:

bee, I respectfully suggest:

"tar -jcf factorbee-source.tar.bz2 ./factorbee-source"

On March 28th, 2010 Anonymous said:

Hi phobos!!!!!!!!!!!! Yeah!!!!!!!!!!!!!! that's a very good idea!!!!!!!! I think that i've to rename the source folder to the current date (factorbee-source-20104321) and then compress it in the way you suggested!!!!! ~bee!!!!!!!!!!!

On March 29th, 2010 Anonymous said:

Done with today's release!!!!!! and thank you!!!!! ~bee!!!!!!

On March 28th, 2010 phobos said:

Before this turns into any more of a flamewar, if bee has suggestions, we're happy to collaborate with him/her on making tbb better. This antagonistic relationship is not helping anyone. Our goal is with the browser bundle is to help non-technical users protect their privacy and anonymity online. We try to do this by making a complete bundle that just works without any configuration. This appears to be what factorbee is trying to do as well. Fighting about it is just a waste of resources.

One thing we're considering is the inclusion of Gnash (http://www.gnashdev.org/) instead of flash. Gnash has the added features of being able to not store flash cookies or wipe all flash cookies. Gnash is a bit rough on Windows right now, so if we can find some funding to make gnash better, we'll do so. Gnash could work just like flash, and enable people to safely do more flash-based activities on the 'net.

On April 4th, 2010 Anonymous said:

You can avoid Flash on YouTube by using their HTML5 page. Though, I'm not quite sure all their vids work but it's a start.

On March 28th, 2010 Anonymous said:

hi! I am chinese. Tor had been invalid in china. Although it can be connected, nothing can be browsed what we aren't allowed to know.

On March 28th, 2010 Anonymous said:

I would also suggest that the Perspectives firefox plugin be included in this pack:

http://www.cs.cmu.edu/~perspectives/firefox.html

On May 13th, 2010 Anonymous said:

Perspectives is a great addon, but not for Tor browsing, because it has DNS leaks. Read the comment by -VladV- in that page.

On March 31st, 2010 Anonymous said:

Any tutorial on how to setup Tor on Kubuntu? It doesnt seem to work well.

I never use Tor without noscript installed. Good choice in shipping it with the browser.

On April 3rd, 2010 Anonymous said:

Nice work, seem work good, thanks for all your work :D

SwissTorExit

On April 3rd, 2010 Anonymous said:

it work well on ubuntu,thank the developers.

On April 4th, 2010 Anonymous said:

I got libpng error on Arch Linux...

On April 6th, 2010 Anonymous said:

Hi!!!!!!!!!!!!!!!! Yeah, i've got your same error with factorbee when i first tested it!!!!!!! this is why since its first version i added the libpng14 package to factorbee!!!!!!! I think that the main problem with ArchLinux is the lack of libpng12!!!!!!!!!!!!! So, you can either compile everything with the libpng14 (and ship it along with your TorBB!!! and this is what i'm doing with factorbee!!!!!!!!!!) or install the libpng12 from AUR!!!!!!!!!!!!!!!!!!!!!!!!!!! follow this LINK: http://aur.archlinux.org/packages.php?ID=33795 !!!!!!!!!! Or else just use factorbee!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! ~bee!!!!!!!!!!!!!!!!!

On May 31st, 2010 Anonymous said:

I'm not saying you don't have valid points (and I certainly detest Flash) but you must realize that it is very difficult to take anyone who uses that many exclamation points seriously. (!!!!!!)

And just what is your objection to NoScript?

On April 6th, 2010 Anonymous said:

I would also very much like to see RefControl add-on included in *nix and Windows TBB packages. It is a great tool using "forge" for root of all sites. Mike Perry has had this feature on his wish list for TorButton for some time.

RefControl https://addons.mozilla.org/en-US/firefox/addon/953

On April 26th, 2010 Anonymous said:

Hi,

When I use Tor-BB for Linux and then start my installed Firefox the second instance of non-Tor FF uses the profile of Tor-BB, i.e., all my bookmarks, etc from my default install of non-Tor Firefox are gone, my non-Tor FF opens to the Tor exit node verification page that is default homepage of Tor-BB ( https://check.torproject.org/ ). This is not something I think is preferable, or 'safe'. The Windows Tor-BB does not behave like that, if I open a default non-Tor FF install on Windows after I start Windows Tor-BB the non-Tor FF uses it's own profile, not that of the running Tor-BB. AFAIK, TorButton also is now able to separate the two profiles so there is not risk of mixing non-Tor FF and Tor-BB FF profiles.

Is it possible to build Linux Tor-BB so an installation of FF (not using Tor) can run at the same time, i.e., be started _after_ Tor-BB has been started while _not_ using Tor-BB profile?

The reason I ask is I like to listen to Pandora, or do other non-anonymous Internet work while I use Tor-BB, sometimes it takes minutes to load a page with Tor-BB so I like to use the idle time effectively, i.e., writing work emails, etc.

Thanks!

On June 12th, 2010 Anonymous said:

I'm having the same issue, this isn't a problem for the Windows version. I'm really excited about this 'nux version, but simultaneous instances are a dealbreaker.

On May 2nd, 2010 Anonymous said:

This is a great solution and I am very impressed that I can now use Tor Browser bundle on a new installation of Ubuntu. Before I had been using the less than satisfactory Windows bundle, but this linux version allows Tor access to the net and when I close my live-cd version of Unbuti, everything more truely vanishes, without trace, from my computer system.

I have tried live-cd's with Tor installed within an .iso, but these live-cd's require a high level of trust to use and they are so often produced in ways that lack trnsparency and oh so often they are poorly maintained.

I can now easily use the this bundle, with ad hoc installations of truecrypt as well and I am now much happier to use Ubuntu as a core OS, Ubuntu is well resourced and regular security updates are available and now it's last incarnation is easier to use.

Thanks for this, it is brilliant and I can now, with more confidence, recommend this linux bundle.

On May 31st, 2010 Anonymous said:

Do you actually install TBB from scratch each and every time you boot from the live CD?

Or are you using live with persistence?

On May 2nd, 2010 Anonymous said:

Please add scroogle and the https proxy search engine https://eu.startpage.com/?r=4339 the latter is advertised as the the "worlds most private search engine"

On May 3rd, 2010 Anonymous said:

I have just given the new Ubuntu [1]] version a whirl and it does seem an excellent platform to use with this Tor-Linux bundle. Also Ubuntu allows more than one operation of Fire Fox to be working, so it is possible to simultaneously have one with Tor enabled and another without, though it seems worthwhile giving one of them a different theme/persona, so they don't get mixed up.... More Fire Fox addons can be easily added and I have found FireGPG [2] quite handy to encrypt files and messages for insertion into web based email services, though a local install ofThunderbird and Enigmail [3] can also be used, but I find the extra effort to use FirePGP helps me lever the most out of Tor/Fire Fox.